Authorization for the Internet of Things using OAuth 2.0

Document Type Replaced Internet-Draft (individual)
Authors Ludwig Seitz  , Göran Selander  , Erik Wahlstroem  , Samuel Erdtman  , Hannes Tschofenig 
Last updated 2015-10-19
Replaced by draft-ietf-ace-oauth-authz
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-ace-oauth-authz
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo defines how to use OAuth 2.0 as an authorization framework with Internet of Things (IoT) deployments, thus bringing a well-known and widely used security solution to IoT devices. Where possible vanilla OAuth 2.0 is used, but where the limitations of IoT devices require it, profiles and extensions are provided.


Ludwig Seitz (
Göran Selander (
Erik Wahlstroem (
Samuel Erdtman (
Hannes Tschofenig (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)